A Security Architecture for Inter-Organizational Workflows: Putting Security Standards for Web Services Together

@inproceedings{Hafner2005ASA,
  title={A Security Architecture for Inter-Organizational Workflows: Putting Security Standards for Web Services Together},
  author={M. Hafner and R. Breu and M. Breu},
  booktitle={ICEIS},
  year={2005}
}
Modern eBusiness processes span a set of public authorities and private corporations. Those processes require high security principles, rooted in open standards. The SECTINO project follows the paradigm of model driven security architecture: high-level business-oriented security requirements for inter-organizational workflows are translated into a configuration for a standards-based target architecture. The target architecture encapsulates a set of core web services, links them via…
Realizing model driven security for inter-organizational workflows with WS-CDL and UML 2.0
TLDR
A UML-based approach for the modeling of security-critical inter-organizational workflows, mapped to the Web Services Choreography Description Language and based on a set of security patterns integrated into UML class and activity diagrams.
Model-Driven Security Engineering for Trust Management in SECTET
TLDR
A high-level domain-specific language called SECTET-PL is presented, a policy language influenced by Object Constraint Language and interpreted in the context of UML models that facilitates the design and implementation of secure inter-organizational workflows, and the transformation of high-level security models to low-level web services standard artefacts is described.
Model driven security engineering for the realization of dynamic security requirements in collaborative systems
TLDR
This paper provides a bird's-eye view of a doctoral work, where an effort is made to develop a conceptual framework, called SECTET, in order to apply model driven security engineering techniques for the realization of high-level security requirements.
Security modeling for service-oriented systems using security pattern refinement approach
TLDR
A pattern refinement approach for security modeling to achieve configurable and declarative security, based on the principles of abstraction, refinement, separation-of-concerns and maintainability to achieve flexible configurations of SOA security is proposed.
Supporting Secure Information Flow: An Engineering Approach
TLDR
A distributed access control enforcement approach for workflow objects (e.g., a document assigned to a pre-defined workflow), using software agents and data encryption techniques to provide access control for information flow that crosses organisational boundaries, is described.
Web Service Engineering - Advancing a New Software Engineering Discipline
TLDR
Sectet, a tool-based framework for the design, implementation and quality assurance of web service based applications, is presented with main focus on the design of inter-organizational workflows, the model driven realization of security aspects and testing of workflows.
From Inter-organizational Workflows to Process Execution: Generating BPEL from WS-CDL
TLDR
This paper shows how BPEL process definitions of parties involved in a choreography can be derived from the global WS-CDL model and implements a prototype of the mappings as a proof of concept.
A Framework for Modeling Restricted Delegation in Service Oriented Architecture
We present a novel approach for modeling restricted delegation of rights in a distributed environment based on web services. Our approach is based on SECTET-PL [5], a predicative language for…
Secure information flow for inter-organisational collaborative environments
TLDR
This thesis proposes an architecture model for specifying and enforcing access control restrictions on sensitive data that follows a pre-defined inter-organisational workflow using cryptographic access control – a concept that relies on cryptography to enforce access control policies.
A constraint based role based access control in the SECTET a model-driven approach
TLDR
An extension to Role Based Access Control [29], Constraint based RBAC (CRBAC), in order to make RBAC applicable to the dynamic environment of SOA, and SECTET-PL, a high-level language for the specification of PAC, a policy language influenced by OCL and interpreted in the context of UML models, are presented.

References

SHOWING 1-10 OF 24 REFERENCES
Model Driven Security for Inter-organizational Workflows in e-Government
TLDR
This work focuses on the realization of security-critical inter-organizational workflows in the context of web services and web service orchestration in e-government.
A Requirement for a XML Web Services Security Architecture
TLDR
A comprehensive XML Web Services Management Architecture that supports, integrates and unifies several security models, mechanisms and technologies in a way that enables a variety of systems to securely interoperate in a platform independent, comprehensive manner is described.
Model driven security for Web services (MDS4WS)
  • M.M. Alam, R. Breu, M. Breu
  • Computer Science
  • 8th International Multitopic Conference, 2004. Proceedings of INMIC 2004.
  • 2004
TLDR
In this work, a designer builds an interface model for the Web services along with security requirements using the object constraint language (OCL) and role based access control (RBAC) and then generates from these specifications a complete configured security infrastructure in the form of Extended Access Control Markup Language (XACML) policy files.
Web Services Security: Is the Problem Solved?
TLDR
It is demonstrated that much work needs to be done in Web services security standardization as well as the main initiatives and their respective specifications that try to prevent the new Web service security threats.
SecureUML: A UML-Based Modeling Language for Model-Driven Security
TLDR
The approach is based on role-based access control with additional support for specifying authorization constraints and can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.
Loosely coupled interorganizational workflows: modeling and analyzing workflows crossing organizational boundaries
  • W. Aalst
  • Computer Science, Engineering
  • Inf. Manag.
  • 2000
TLDR
This paper considers workflows distributed over a number of organizations, and investigates whether an interorganizational workflow, modeled in terms of Petri nets, is consistent with an interaction structure specified through a message sequence chart.
Web services security: soap message security
TLDR
This specification describes enhancements to the SOAP messaging to provide quality of protection through message integrity, and single message authentication, and describes how to encode binary security tokens, a framework for XML-based tokens, and how to include opaque encrypted keys.
Web Services Policy Framework (WS-Policy)
The Web Services Policy Framework (WS-Policy) provides a general purpose model and corresponding syntax to describe the policies of a Web Service. WS-Policy defines a base set of constructs that can…
SOAP Version 1.2 Part 1: Messaging Framework
TLDR
This document defines, using XML technologies, an extensible messaging framework containing a message construct that can be exchanged over a variety of underlying protocols that enhances the functionality and interoperability of the Web.
Role-Based Access Control Models
TLDR
Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.